Confidential paperwork regarding mental health patients was found in the city centre
Despite a string of recent incidents in which the Information Commissioner’s Office (ICO) has handed out a number of six-figure fines to public and private organisations following serious breaches of the Data Protection Act, it seems that some are still failing to recognise the importance of properly handling sensitive files.
According to the Sheffield Telegraph, the city’s Council could be facing the threat of a ‘massive’ fine from the ICO – as much as £500,000 – after confidential records regarding mental health patients were found ‘blowing around’ a city centre street.
"Under the law, the council has to report the incident for investigation by the Information Commissioner who can then levy a fine of up to £500,000," said Peter Wright, a data protection lawyer at Taylor Bracewell.
"This kind of incident is on the increase, particularly involving councils, and there have been some quite stiff fines handed out recently."
Indeed, earlier this week (September 11th) the ICO hit the Scottish Borders Council with a £250,000 fine after files containing information about former employees’ pensions were found dumped in a recycling bank in a supermarket car park.
While it will be some time until the full extent of the incident involving Sheffield Council comes to light – and the ICO will have to conduct a full investigation before determining a sufficient punishment – authorities are going to have to act quickly in a bid to reassure residents that their details will not be exposed to criminals.
But considering that the event involved the records of particularly vulnerable people being compromised, the Council will also need to take extensive steps to ensure the same thing does not happen again.
By using a document scanning service to digitise files, the Council could remove its reliance on physical documents and focus on securing them on properly protected network servers.